如果数据库实例位于公 共网络上，请使用 TLS 对数据库连接进行加密，以防止第三方拦截流量数据。 您需要两个有效的 TLS 证书，一个用于数据库实例（数据库服务器），一个用于 Gitea 实例（数据库客户 端）。两个证书都必须由受信任的 CA 签名。 数据库证书必须在 X509v3 Extended Key Usage 扩展属性中包含 TLS Web Server Authentication Authentication ，而客户端证 书则需要在相应的属性中包含 TLS Web Client Authentication 。 在数据库服务器证书中， Subject Alternative Name 或 Common Name 条目之一必须是数据库实例的完全限定域 名（FQDN）（例如 db.example.com ）。在数据库客户端证书中，上述提到的条目之一必须包含 Gitea 将用 tc\hosts ）中添加本地映射。这样可 以通过域名而不是 IP 地址进行数据库连接。有关详细信息，请参阅您系统的文档。 Gitea 使用的 PostgreSQL 驱动程序支持双向 TLS。在双向 TLS 中，数据库客户端和服务器通过将各自的证书 发送给对方进行验证来相互认证。换句话说，服务器验证客户端证书，客户端验证服务器证书。 1. 在数据库实例所在的服务器上，放置以下凭据： /path/to/postgresql

com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce- 3D645A26AB9FBD22.pub.gpg sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt metadata_expire=300 [gitlab_gitlab-ce-source] name=gitlab_gitlab-ce-source com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce- 3D645A26AB9FBD22.pub.gpg sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt metadata_expire=300 # yum install gitlab-ce -y #如果报gpg验证错误，可带上参数

SSH protocol but without the encryption and authentication overhead. The Cons Due to the lack of TLS or other cryptography, cloning over git:// might lead to an arbitrary code execution vulnerability https://example.com/project.git does not suffer from the same problem (unless the attacker can provide a TLS certificate for example.com). Running git clone git@example.com:project.git only suffers from them manually in the sendemail section in your ~/.gitconfig file: [sendemail] smtpencryption = tls smtpserver = smtp.gmail.com smtpuser = user@gmail.com smtpserverport = 587 After this is done

SSH protocol but without the encryption and authentication overhead. The Cons Due to the lack of TLS or other cryptography, cloning over git:// might lead to an arbitrary code execution vulnerability https://example.com/project.git does not suffer from the same problem (unless the attacker can provide a TLS certificate for example.com). Running git clone git@example.com:project.git only suffers from this them manually in the sendemail section in your ~/.gitconfig file: [sendemail] smtpencryption = tls smtpserver = smtp.gmail.com smtpuser = user@gmail.com smtpserverport = 587 After this is done

SSH protocol but without the encryption and authentication overhead. The Cons Due to the lack of TLS or other cryptography, cloning over git:// might lead to an arbitrary code execution vulnerability https://example.com/project.git does not suffer from the same problem (unless the attacker can provide a TLS certificate for example.com). Running git clone git@example.com:project.git only suffers from them manually in the sendemail section in your ~/.gitconfig file: [sendemail] smtpencryption = tls smtpserver = smtp.gmail.com smtpuser = user@gmail.com smtpserverport = 587 After this is done

config 命令来分别设置选 项， 或者你可以手动地将它们添加到你的 ~/.gitconfig 文件的 sendmail 区块： [sendemail] smtpencryption = tls smtpserver = smtp.gmail.com smtpuser = user@gmail.com smtpserverport = 587 当这完成后，你可以使用 git send-email customClient := &http.Client{ Transport: &http.Transport{ // 接受任何证书（可能对测试有用） TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, }, Timeout: 15 * time.Second, // 15 秒超时 CheckRedirect:

config 命令来分别设置选项， 或者你可以手动地将它们添加到你的 ~/.gitconfig 文件的 sendmail 区块： [sendemail] smtpencryption = tls smtpserver = smtp.gmail.com smtpuser = user@gmail.com smtpserverport = 587 当这完成后，你可以使用 git send-email customClient := &http.Client{ Transport: &http.Transport{ // 接受任何证书（可能对测试有用） TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, }, Timeout: 15 * time.Second, // 15 秒超时 CheckRedirect: func(req